The approaches described in this section could be pursued but are not necessarily approaches that have previously been conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
In a secured data network, a service request is subjected to a security check. If a service request matches a threat signature, also referred to as a security signature, the request can be denied or discarded. Using this approach, the request cannot reach an intended application, thereby preventing a possible security threat. Examples of such threats include Distributed Denial of Service (DDoS) attacks, web site phishing, email virus, zero-day attack, and many others. Typically, security systems are implemented on a network device, such as a switch, a router, a load balancer, or a network appliance within a data network.
However, security signatures are not fool proof. There are false positive situations where a proper service request is falsely identified as a threat when the service request matches a security signature. Due to the security system's strict denial policy, the benign service request may never reach the intended server no matter how many times a user tries to resend the same service request. The user would believe, upon failure of the service request, that the network session or the service request is unavailable. Therefore, it is desirable to mark the network session or the service request with a threat level without blocking or denying the network session or service request.